优化准则:应使用单向加密算法对口令进行加密并存储

sonar-keyware-plugins-cxx/src/main/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.java

@@ -41,7 +41,6 @@ public class EncryptionAlgorithmChecker extends SquidCheck<Grammar> {
         );
     }
 
-
     @Override
     public void visitNode(AstNode astNode) {
         var varName = astNode.getFirstDescendant(CxxGrammarImpl.declaratorId).getTokenOriginalValue();
@@ -52,19 +51,20 @@ public class EncryptionAlgorithmChecker extends SquidCheck<Grammar> {
                 var callNode = next.getFirstDescendant(CxxGrammarImpl.postfixExpression);
                 if(callNode != null){
                     var callList = callNode.getDescendants(CxxGrammarImpl.className);
-                    var funName = callList.get(callList.size() - 1).getTokenOriginalValue();
-                    var paramList = callNode.getDescendants(CxxGrammarImpl.expressionList);
-                    if("generateHash".equalsIgnoreCase(funName) && paramList.stream().anyMatch(item-> {
-                        var name = item.getTokenOriginalValue();
-                        return name != null && name.contains("password");
-                    })){
-                        cache.remove(varName);
+                    if(!callList.isEmpty()) {
+                        var funName = callList.get(callList.size() - 1).getTokenOriginalValue();
+                        var paramList = callNode.getDescendants(CxxGrammarImpl.expressionList);
+                        if("hashpw".equalsIgnoreCase(funName) && paramList.stream().anyMatch(item-> {
+                            var name = item.getTokenOriginalValue();
+                            return name != null && ("password".equals(name) || "salt".equals(name));
+                        })){
+                            cache.remove(varName);
+                        }
                     }
                 }
                 next = next.getNextSibling();
             }
             cache.values().forEach(item->{
-                System.out.println("特定字段"+item.getFirstDescendant(CxxGrammarImpl.declaratorId).getTokenOriginalValue()+"未使用单向加密算法对口令进行加密并存储");
                 getContext().createLineViolation(this, "特定字段未使用单向加密算法对口令进行加密并存储", item);
             });
         }

sonar-keyware-plugins-cxx/src/test/java/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmCheckerTest.java

@@ -29,7 +29,7 @@ public class EncryptionAlgorithmCheckerTest {
         var tester = CxxFileTesterHelper.create("EncryptionAlgorithmChecker.cc");
         SourceFile file = CxxAstScanner.scanSingleInputFile(tester.asInputFile(), checker);
         CheckMessagesVerifier.verify(file.getCheckMessages())
-                .next().atLine(8).withMessage("特定字段未使用单向加密算法对口令进行加密并存储")
+                .next().atLine(9).withMessage("特定字段未使用单向加密算法对口令进行加密并存储")
                 .noMore();
     }
 

sonar-keyware-plugins-cxx/src/test/resources/com/keyware/sonar/cxx/rules/checkers/EncryptionAlgorithmChecker.cc

@@ -1,13 +1,23 @@
 #include <iostream>
 #include <string>
-#include <bcrypt/BCrypt.hpp>
+#include <bcrypt.h>
 using namespace std;
+using namespace bcrypt;
 
-int main()
-{
-    string password = "abc123"; // 初始化密码
+int main() {
+    // 用户输入的原始密码
+    string password = "userPassword123";
 
-//     string hashedPassword = BCrypt::generateHash(password); // bcrypt 密码
+    // 使用cpp-bcrypt生成盐和哈希
+//    bcrypt::generate_salt(); // 生成一个随机盐
+//    string salt = bcrypt::get_salt();
+
+    // 使用盐和密码生成哈希
+//    string hashed_password;
+//    bcrypt::hashpw(password.c_str(), salt.c_str(), hashed_password);
+
+    // 打印生成的哈希值
+//    cout << "Generated bcrypt hash: " << hashed_password << endl;
 
     return 0;
 }